From 8310a3d62eb3aff2ce39f8c08e6a6e54f9219557 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Fri, 22 Feb 2019 10:52:35 -0500 Subject: [PATCH] also shred LUKS sealed secret when done instead of rm it --- initrd/bin/kexec-seal-key | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index c96dc637..46980af8 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key @@ -150,5 +150,5 @@ if ! tpm nv_writevalue \ || die "Unable to write sealed secret to NVRAM" fi -rm "$TPM_SEALED" \ +shred -n 10 -z -u "$TPM_SEALED" 2> /dev/null \ || warn "Failed to delete the sealed secret - continuing"
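Review bot: On the added `shred -n 10 -z -u "$TPM_SEALED" 2> /dev/null` line, the stderr redirect throws away shred's own error message, and a shred failure now leaves the sealed secret file in place with only the generic "Failed to delete the sealed secret - continuing" warning. Consider dropping the `2> /dev/null` so the cause is visible, and falling back to the previous `rm "$TPM_SEALED"` before reaching `warn`, so that a missing or failing shred does not make cleanup weaker than it was before this change. The choice of `-n 10` passes is also not explained in the commit message or in the script; a one-line comment on why 10 overwrites plus the `-z` zero pass were chosen would help later readers.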